
Bug#1108205: popularity-contest: when run in a container, gpg complains about insecure memory



On Mon, Jun 23, 2025 at 08:57:33AM +0100, Philip Hands wrote:
> Package: popularity-contest
> Version: 1.76
> Severity: minor
> 
> Hi,
> 
> I have an nspawn container that has popularity-contest enabled, and the cron job results in emails telling me:
> 
>   gpg: Warning: using insecure memory!
> 
> I assume that this is because the container is not configured to allow the permissions required to lock memory on the real system, so despite being run as root, gpg fails to lock the memory, and complains.
> 
> One could grant that permission to the container, but that seems like overkill to solve this.
> 
> One could normally configure gpg to ignore it, except that gpg is being invoked with --no-options.
> 
> Therefore, I would suggest that you add `--no-secmem-warning` to the gpg invocation in order to suppress the warning.  I have tried this, and it works.

Hi Philip,

Note that /etc/cron.daily/popularity-contest is a conffile, so you can suppress the warning.

> After all, the warning is about the danger that the unencrypted data might
> get saved to swap, and thus be exposed, which is clearly not an issue in this
> case because the cleartext is being saved as /var/log/popularity-contest
> anyway, so the warning is really pointless in this case.

Thanks, I also have plans to allow different programs than gpg once trixie is released.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 
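The report's assumption that the container cannot lock memory can be checked from inside the container with the added example below, which is not part of the thread or of popularity-contest. It uses the kernel rule that `mlock()` succeeds with `CAP_IPC_LOCK` or when the request fits within `RLIMIT_MEMLOCK`; the function names, the sample status text and `POOL_BYTES` (an assumed size, not a value taken from gpg) are hypothetical.

```python
import ctypes, errno, mmap, resource

CAP_IPC_LOCK = 14    # capability bit number from linux/capability.h
POOL_BYTES = 32768   # assumed size of the region a program wants to lock

def cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def mlock_verdict(caps, soft_limit, nbytes=POOL_BYTES):
    """Predict whether mlock(nbytes) is permitted, and by which rule."""
    if (caps >> CAP_IPC_LOCK) & 1:
        return "allowed: CAP_IPC_LOCK"
    if soft_limit == resource.RLIM_INFINITY or soft_limit >= nbytes:
        return "allowed: RLIMIT_MEMLOCK"
    return "denied"

def try_mlock(nbytes=POOL_BYTES):
    """Attempt a real mlock() on anonymous memory; return 0 or the errno."""
    libc = ctypes.CDLL(None, use_errno=True)
    buf = mmap.mmap(-1, nbytes)
    view = ctypes.c_char.from_buffer(buf)
    addr = ctypes.c_void_p(ctypes.addressof(view))
    rc = libc.mlock(addr, ctypes.c_size_t(nbytes))
    err = ctypes.get_errno() if rc else 0
    if rc == 0:
        libc.munlock(addr, ctypes.c_size_t(nbytes))
    del view, addr      # release the buffer export before closing the map
    buf.close()
    return err

# Constructed samples: root with every capability, and root without bit 14.
FULL_ROOT = "Name:\tsh\nCapEff:\t000001ffffffffff\n"
NO_IPC_LOCK = "Name:\tsh\nCapEff:\t000001ffffffbfff\n"

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        caps = cap_eff(fh.read())
    soft, _hard = resource.getrlimit(resource.RLIMIT_MEMLOCK)
    print("predicted:", mlock_verdict(caps, soft))
    err = try_mlock()
    print("actual   :", "ok" if err == 0 else errno.errorcode.get(err, err))
```

Running it from the same context as the cron job matters, because the resource limit a cron job inherits can differ from that of an interactive shell.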

